Please beware of fraudulent messages and websites that misrepresent Citibank by using our logo and brand identity to deceitfully gather your personal information and seek payments.

They try to look identical to a legitimate bank or trusted company by using an organization's website graphics and logos, but are set-up in an attempt to steal sensitive personal and financial information.

Here are some tips to help you know who is an imposter.

Beware of known fraudulent websites such as onlinecsp, bankscsp, apnacsp, bankmitra, etc., read our email series and check our Citi Security Centre for updates.

Phony websites often do not contain the padlock sign on either the left or right hand side of the URL

Phony websites typically do not begin with HTTPS in the URL bar.

Phony websites may display an IP Address or numerical address (e.g., in your web browser's address bar instead of a domain name (e.g.,

Phony email ids will often have accessible domain names like Gmail, Yahoo, Hotmail, etc. instead of the official domain name like

They may use tampered logos (stretched/poor graphics) and branding or even use an old version with low resolution, dimensions or mismatching colours.

They appear to be the official site of a well-known and respected institution and use genuine pages copied to a new fake address.

They will try to lure you through ‘spam’ email, fake rewards, offers on bank products like loans and cards, security and maintenance upgrades, false bills and charges, etc.

Please avoid engaging with websites that claim to be acting on behalf of Citi. All genuine Citibank URLs will begin with, and

Never fill an E-mail with input fields that ask you for sensitive data such as User ID, Passwords, IPIN, ATM PIN and account number information. Citibank will never send you any such request. In case you end up making a payment by mistake, please contact your bank immediately.